| Max CVSS | 5.0 | Min CVSS | 5.0 | Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| | | GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is | 05-01-2018 - 02:31 | 14-04-2017 - 04:59 |
| | | GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. | 05-01-2018 - 02:31 | 16-06-2017 - 19:29 |
| | | The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism | 05-01-2018 - 02:31 | 27-09-2016 - 15:59 |